Newly Patched IE Flaw Already Being Exploited

Attackers are already exploiting a critical remote code execution vulnerability in Internet Explorer that Microsoft released a patch for Tuesday.

The fact that exploit code is in the wild and being used by attackers makes it especially urgent that Microsoft customers immediately apply Microsoft Security Bulletin MS05-054.

The bulletin is a cumulative security update for Internet Explorer and includes fixes for three other new vulnerabilities. One of those flaws is also critical, but it was not publicly disclosed before Microsoft released the security bulletin.

Both of the critical flaws are even critical for Windows XP Service Pack 2. Often, patches that are critical for other platforms are less severe on SP2. Customers running IE 6 on Windows Server 2003 only face a moderate threat from the two critical flaws, according to Microsoft's bulletin.

MS05-054 is one of two security bulletins Microsoft released Tuesday as part of its monthly security patching cycle. The other bulletin, MS05-055, has a maximum severity of important, one step below critical on Microsoft's threat scale. That patch fixes a flaw in the Windows kernel that could allow an elevation of privilege.

Microsoft also re-released MS05-050 on Tuesday to revise versions of the update for Windows 2000 SP4, Windows XP SP1 and Windows Server 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Adds Privileged Identity Management Delegation to Azure Lighthouse

    The commercial release of Privileged Identity Management (PIM)-enabled Azure Lighthouse delegations is now available, Microsoft on Monday announced.

  • Microsoft Commercially Releases Entra Workload Identities

    Microsoft announced on Monday that its Entra Workload Identities service is now available as a commercial product offering, having reached the "general availability" stage.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • OpenSSF Adopts Microsoft Open Source Software Security Guidelines

    The Open Source Security Foundation (OpenSSF) announced on Wednesday that it has adopted the Secure Supply Chain Consumption Framework (S2C2F) for ensuring the secure use of open source software (OSS) by developers.